diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/download-from-binary-cache.pl.in | 2 | ||||
| -rwxr-xr-x | scripts/download-using-manifests.pl.in | 3 | ||||
| -rw-r--r-- | scripts/install-nix-from-closure.sh | 2 | ||||
| -rwxr-xr-x | scripts/nix-build.in | 5 | ||||
| -rw-r--r-- | scripts/nix-profile.sh.in | 6 | ||||
| -rwxr-xr-x | scripts/nix-push.in | 9 |
6 files changed, 13 insertions, 14 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index 60f7f9aef3d2..a4f858610aca 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -566,7 +566,7 @@ sub downloadBinary { die if $requireSignedBinaryCaches && !defined $info->{signedBy}; print STDERR "\n*** Downloading ‘$url’ ", ($requireSignedBinaryCaches ? "(signed by ‘$info->{signedBy}’) " : ""), "to ‘$storePath’...\n"; checkURL $url; - if (system("$Nix::Config::curl --fail --location --insecure --connect-timeout $curlConnectTimeout -A '$userAgent' '$url' $decompressor | $Nix::Config::binDir/nix-store --restore $destPath") != 0) { + if (system("$Nix::Config::curl --fail --location --connect-timeout $curlConnectTimeout -A '$userAgent' '$url' $decompressor | $Nix::Config::binDir/nix-store --restore $destPath") != 0) { warn "download of ‘$url’ failed" . ($! ? ": $!" : "") . "\n"; next; } diff --git a/scripts/download-using-manifests.pl.in b/scripts/download-using-manifests.pl.in index 591cd6b43a3a..ffc49f8fffde 100755 --- a/scripts/download-using-manifests.pl.in +++ b/scripts/download-using-manifests.pl.in @@ -17,8 +17,7 @@ my $logFile = "$Nix::Config::logDir/downloads"; # estimating the expected download size. my $fast = 1; -# ‘--insecure’ is fine because Nix verifies the hash of the result. -my $curl = "$Nix::Config::curl --fail --location --insecure"; +my $curl = "$Nix::Config::curl --fail --location"; # Open the manifest cache and update it if necessary. diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh index c3da59980a0a..bef5cd4f15fa 100644 --- a/scripts/install-nix-from-closure.sh +++ b/scripts/install-nix-from-closure.sh @@ -92,7 +92,7 @@ p=$NIX_LINK/etc/profile.d/nix.sh added= for i in .bash_profile .bash_login .profile; do fn="$HOME/$i" - if [ -e "$fn" ]; then + if [ -w "$fn" ]; then if ! grep -q "$p" "$fn"; then echo "modifying $fn..." >&2 echo "if [ -e $p ]; then . $p; fi # added by Nix installer" >> $fn diff --git a/scripts/nix-build.in b/scripts/nix-build.in index 0a4431681cb1..b93e5ab1390a 100755 --- a/scripts/nix-build.in +++ b/scripts/nix-build.in @@ -6,6 +6,7 @@ use Nix::Config; use Nix::Store; use Nix::Utils; use File::Basename; +use Text::ParseWords; use Cwd; binmode STDERR, ":encoding(utf8)"; @@ -56,7 +57,7 @@ if ($runEnv && defined $ARGV[0] && $ARGV[0] !~ /nix-shell/) { while (<SCRIPT>) { chomp; if (/^\#\!\s*nix-shell (.*)$/) { - push @ARGV, split(/ /, $1); + push @ARGV, shellwords($1); } } } @@ -269,7 +270,7 @@ foreach my $expr (@exprs) { my $tmp = $ENV{"TMPDIR"} // $ENV{"XDG_RUNTIME_DIR"} // "/tmp"; if ($pure) { foreach my $name (keys %ENV) { - next if grep { $_ eq $name } ("HOME", "USER", "LOGNAME", "DISPLAY", "PATH", "TERM", "IN_NIX_SHELL", "TZ", "PAGER"); + next if grep { $_ eq $name } ("HOME", "USER", "LOGNAME", "DISPLAY", "PATH", "TERM", "IN_NIX_SHELL", "TZ", "PAGER", "NIX_BUILD_SHELL"); delete $ENV{$name}; } # NixOS hack: prevent /etc/bashrc from sourcing /etc/profile. diff --git a/scripts/nix-profile.sh.in b/scripts/nix-profile.sh.in index 672d1f035f91..6616b12b0cf4 100644 --- a/scripts/nix-profile.sh.in +++ b/scripts/nix-profile.sh.in @@ -11,8 +11,8 @@ if [ -n "$HOME" ]; then export PATH=$NIX_LINK/bin:$NIX_LINK/sbin:$PATH # Subscribe the user to the Nixpkgs channel by default. - if [ ! -e $HOME/.nix-channels ]; then - echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > $HOME/.nix-channels + if [ ! -e "$HOME/.nix-channels" ]; then + echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > "$HOME/.nix-channels" fi # Append ~/.nix-defexpr/channels/nixpkgs to $NIX_PATH so that @@ -23,6 +23,8 @@ if [ -n "$HOME" ]; then # Set $SSL_CERT_FILE so that Nixpkgs applications like curl work. if [ -e /etc/ssl/certs/ca-certificates.crt ]; then # NixOS, Ubuntu, Debian, Gentoo, Arch export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt + elif [ -e /etc/ssl/ca-bundle.pem ]; then # openSUSE Tumbleweed + export SSL_CERT_FILE=/etc/ssl/ca-bundle.pem elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS diff --git a/scripts/nix-push.in b/scripts/nix-push.in index 2d9d83f59b92..54456ac9512e 100755 --- a/scripts/nix-push.in +++ b/scripts/nix-push.in @@ -258,13 +258,10 @@ for (my $n = 0; $n < scalar @storePaths2; $n++) { } if (defined $secretKeyFile) { - my $s = readFile $secretKeyFile; - chomp $s; - my ($keyName, $secretKey) = split ":", $s; - die "invalid secret key file ‘$secretKeyFile’\n" unless defined $keyName && defined $secretKey; + my $secretKey = readFile $secretKeyFile; my $fingerprint = fingerprintPath($storePath, $narHash, $narSize, $refs); - my $sig = encode_base64(signString(decode_base64($secretKey), $fingerprint), ""); - $info .= "Sig: $keyName:$sig\n"; + my $sig = signString($secretKey, $fingerprint); + $info .= "Sig: $sig\n"; } my $pathHash = substr(basename($storePath), 0, 32); |